The majority of UK companies are leaving their networks wide open to serious security risks arising from failure to control fast growing staff use of insecure ‘plug & play’ portable devices.
According to a recently published study, almost two thirds of UK employees admit to connecting unchecked devices to corporate networks and more than a third said that devices were obtained from third parties as gifts, with no clearly identifiable source.
The BeCrypt Mobile Enterprise Security Study 2004 found that 85 per cent of British firms are flirting with disaster, with no security policies in place to control spiralling use of USB devices including memory keys, flash drives, music players such as the Apple iPod and smart mobile phones.
Out of 238 survey respondents nearly a quarter admitted having lost portable storage devices and more than half claimed ignorance over the impact that the misuse of portable storage devices could have on overall data security.
More than half of those employees surveyed said they had connected devices to computers at work in order to take data off site, introducing the risk of accidental or malicious use of external media to ‘leak’ private or classified data.
The need for employers to give more guidance on how to use portable storage devices in the work place and the related personal liabilities was also highlighted by 85 per cent of employees.
“Sloppy security practices and policy is making the rise of USB devices a real menace for British employers,” said Peter Jaco, CEO, BeCrypt.
“The problem is that USB device users are free to connect any device they wish and could remove key corporate data. Security policies need to lockdown USB device use, but also regulate and permit usage where devices are truly useful.”
BeCrypt’s Mobile Enterprise Security Study surveyed the views of a random sample of employees during July to September 2004.